In today's high-tech, fast-paced, hyper-connected world, people are spending more and more time on the internet to complete more of their daily activities such as online banking and shopping. The convenience afforded by the access and availability of the online world, however, is not without drawbacks. This increased access has brought with it an unparalleled growth in online fraudulent activity.
Reports about identity takeover, filled with phrases like Trojan, Man in the Middle, Man in the Browser, and Phishing, are increasingly in the news. These emerging threats have triggered a growing awareness by service providers and customers alike. These threats are serious and must be addressed.
Service providers, such as financial institutions, trying to encourage customer activity while at the same time minimizing losses from financial fraud, are looking for ways to deal with these threats. One possible way is to use a risk-based authentication system with a risk engine associated therewith to assign risk scores to transactions. The transactions with a low risk score can be processed. Those transactions with a high risk score can be rejected or else a further step up challenge can be issued. For example, the risk-based authentication system can be configured to challenge a user to confirm their identity in order to allow a transaction to proceed.
However, the above process of issuing challenges to the user can be expensive. A need therefore exists for techniques for improving risk-based authentication systems.